Security protocols in constrained
environments
Chris Swan
@cpswan

TL;DR
System type
Such as
Will it work?
The issue
Low end embedded Atmel 8-bit AVR
(most Arduino),
TI MSP-430
No
SRAM
Mid-high end
embedded
Anything ARM
based (e.g. STM
Discovery, TI
Stellaris) inc.
Arduino Due
With some effort
Library, key and
cipher suite
wrangling
Linux OS
Raspberry Pi,
BeagleBone,
Arduino Yún
Yes
-

Agenda
• Anatomy of a security protocol
– The key exchange dance
•
•
•
•
Linux makes things easy
Libraries for higher end microcontrollers
SRAM on low end microcontrollers
Summary

Which security protocols?
The ‘S’ protocols:
Secure Sockets Layer (SSL)
Superseded by Transport Layer Security (TLS)
Secure SHell (SSH)
Internet Protocol Security (IPsec)

SSL Handshake

Client Hello

It’s a similar story for SSH

and IPsec

Linux makes this easy
If not already built in to a particular distribution
then use favourite package manager to get:
(no relation)

Things get trickier with embedded
But by no means impossible…

Stack trades offs may be made

But those keys won’t fit into 2K
At least not with anything resembling a useful
application…
… Arduino struggles with MQTT and 1wire

Summary
System type
Such as
Will it work?
The issue
Low end embedded Atmel 8-bit AVR
(most Arduino),
TI MSP-430
No
SRAM
Mid-high end
embedded
Anything ARM
based (e.g. STM
Discovery, TI
Stellaris) inc.
Arduino Due
With some effort
Library, key and
cipher suite
wrangling
Linux OS
Raspberry Pi,
BeagleBone,
Arduino Yún
Yes
-

Questions?

Further reading
PolarSSL tutorial
https://polarssl.org/kb/how-to/polarssl-tutorial
AVR32753: AVR32 UC3 How to connect to an
SSL-server
http://www.atmel.com/Images/doc32111.pdf
STM32 Discovery: Porting Polar SSL
http://hobbymc.blogspot.co.uk/2011/02/stm32discovery-porting-polar-ssl.html